This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
-
Updated
Apr 29, 2023 - C
#
process-injection
Here are 23 public repositories matching this topic...
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
malware antivirus evasion bypass fiber dropper bypass-antivirus edr implant process-injection ntdll-unhooking systemfunction033
-
Updated
Feb 10, 2023 - C
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
windows dll msvc malware-development shellcode-loader native-api process-injection ntapi shellcode-injection payload-encryption edr-bypass edr-evasion maldev dll-sideloading api-hashing direct-syscalls indirect-syscalls iat-camouflage
-
Updated
Dec 22, 2024 - C
Various methods of executing shellcode
-
Updated
Mar 27, 2023 - C
PoC for downloading data by injecting into processes to evade firewalls
-
Updated
Jan 31, 2024 - C
Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster
c linux security proof-of-concept virus elf x64-assembly elf64 elf-binaries process-injection linux-system-programming
-
Updated
Feb 23, 2020 - C
PoC shellcode injector using clean syscalls to bypass user-mode hooks in ntdll.dll
packer assembly reverse-engineering dll-injection shellcode malware-analysis peb windows-api code-injection hooking memory-injection dll-injector loadlibrary windows-internals process-injection shellcode-injection
-
Updated
Jul 27, 2025 - C
Modular C2 loader featuring dynamic function encryption, in-memory payload support, and a covert DoH command channel, configurable via a Python builder and a Node.js web panel.
reverse-shell loader post-exploitation pe-loader socks5-proxy code-injection process-hollowing dll-hijacking queueuserapc windows-internals process-injection rwx red-team-tools apc-injection shellcode-runner token-stealth vm-bytecode-interpreter payloads-memory
-
Updated
Jul 27, 2025 - C
PoC implementation of the GhostWriting injection technique for x64 Windows
windows x86-64 injection poc pentesting windows-x64 redteam ghostwriting process-injection shellcode-injection shellcode-execute defense-evasion wpm-less-wpm popcalc
-
Updated
Feb 18, 2025 - C
PoC Linux process injection to hide execution of "benign" binary.
-
Updated
Oct 29, 2023 - C
Trojan that uses direct System Calls to inject shellcode into a target process, undetected by Windows Defender & Bitdefender
-
Updated
Sep 8, 2025 - C
Dll Shellcode Loader POC
malware hacking malware-research malware-development shellcode-loader pentest-tool redteam purpleteam process-injection
-
Updated
Mar 28, 2025 - C
A novel process injection technique using tagCLS based on atombombing
-
Updated
Jul 25, 2024 - C
Malware development using C programming language and Windows32 API's
-
Updated
Jan 19, 2024 - C
PG ITSi: ProcessInjection
c debugger debugging security assembly ptrace debuggers itsecurity ptrace-injection itsec process-injection
-
Updated
May 10, 2019 - C
A concise cheatsheet covering key process code injection techniques for red teaming and malware development.
malware-research malware-development injection-attacks red-teaming process-injection thread-hijacking ntapi-injection process-hallowing early-apc-injection
-
Updated
Jun 4, 2025 - C
Source code examples for a deprecated "DLL Memory Mapped Path Inclusion framework."
-
Updated
Sep 19, 2024 - C
Simple malware samples developed using C and Win32API utilising process injection techniques like shellcode injection and dll injection which involve injecting malicious shellcode into benign processes
c malware dll-injection windows-api win32api malware-development process-injection shellcode-injection
-
Updated
Dec 21, 2024 - C
A simple implementation of process code injection. This demonstrates injecting shellcode into a remote process, using basic Windows API functions for process manipulation.
malware-research windows-api malware-development red-team injection-attacks process-injection windows-malware
-
Updated
Apr 24, 2025 - C
Improve this page
Add a description, image, and links to the process-injection topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the process-injection topic, visit your repo's landing page and select "manage topics."